diff options
author | Lennart Poettering <lennart@poettering.net> | 2012-08-08 12:03:34 +0200 |
---|---|---|
committer | Lennart Poettering <lennart@poettering.net> | 2012-08-08 12:03:34 +0200 |
commit | 5a45a93627609451784a04366cfa1150d32611d1 (patch) | |
tree | b901ba044e5a8e274060f5ae7d85243a12a1eaa5 | |
parent | b2c9cbafb8b1a2742978e1faf37fbb3cf4fb5d44 (diff) |
build-sys: enable a couple of security features
Most distributions enable these downstream anyway, but it probably makes
sense to enable them unconditionally upstream too.
-rw-r--r-- | Makefile.am | 7 | ||||
-rwxr-xr-x | autogen.sh | 4 | ||||
-rw-r--r-- | configure.ac | 22 |
3 files changed, 20 insertions, 13 deletions
diff --git a/Makefile.am b/Makefile.am index b1a8cc1990..6963722460 100644 --- a/Makefile.am +++ b/Makefile.am @@ -148,10 +148,11 @@ AM_CPPFLAGS = \ -I $(top_builddir)/src/core \ -I $(top_srcdir)/src/core \ -I $(top_srcdir)/src/libudev \ - -I $(top_srcdir)/src/udev + -I $(top_srcdir)/src/udev \ + $(OUR_CPPFLAGS) -AM_CFLAGS = $(WARNINGFLAGS) -AM_LDFLAGS = $(GCLDFLAGS) +AM_CFLAGS = $(OUR_GFLAGS) +AM_LDFLAGS = $(OUR_LDFLAGS) # ------------------------------------------------------------------------------ if TARGET_GENTOO diff --git a/autogen.sh b/autogen.sh index 33d8fcda23..86fe9b3785 100755 --- a/autogen.sh +++ b/autogen.sh @@ -54,7 +54,7 @@ args="$args \ fi if [ "x$1" = "xc" ]; then - ./configure CFLAGS='-g -O0 -Wp,-U_FORTIFY_SOURCE' $args + ./configure CFLAGS='-g -O0' $args make clean else echo @@ -62,6 +62,6 @@ else echo "Initialized build system. For a common configuration please run:" echo "----------------------------------------------------------------" echo - echo "./configure CFLAGS='-g -O0 -Wp,-U_FORTIFY_SOURCE' $args" + echo "./configure CFLAGS='-g -O0' $args" echo fi diff --git a/configure.ac b/configure.ac index 5145298204..d6a158396f 100644 --- a/configure.ac +++ b/configure.ac @@ -117,20 +117,26 @@ CC_CHECK_FLAGS_APPEND([with_cflags], [CFLAGS], [\ -Wno-missing-field-initializers \ -Wno-unused-result \ -Werror=overflow \ - -Wp,-D_FORTIFY_SOURCE=2 \ -ffast-math \ -fno-common \ -fdiagnostics-show-option \ -fno-strict-aliasing \ -fvisibility=hidden \ -ffunction-sections \ - -fdata-sections]) -AC_SUBST([WARNINGFLAGS], $with_cflags) + -fdata-sections \ + -fstack-protector]) +AC_SUBST([OUR_CFLAGS], $with_cflags) + +CC_CHECK_FLAGS_APPEND([with_cppflags], [CPPFLAGS], [\ + -Wp,-D_FORTIFY_SOURCE=2]) +AC_SUBST([OUR_CPPFLAGS], $with_cppflags) CC_CHECK_FLAGS_APPEND([with_ldflags], [LDFLAGS], [\ -Wl,--as-needed \ - -Wl,--gc-sections]) -AC_SUBST([GCLDFLAGS], $with_ldflags) + -Wl,--gc-sections \ + -Wl,-z,relro \ + -Wl,-z,now]) +AC_SUBST([OUR_LDFLAGS], $with_ldflags) AC_SEARCH_LIBS([clock_gettime], [rt], [], [AC_MSG_ERROR([*** POSIX RT library not found])]) AC_SEARCH_LIBS([dlsym], [dl], [], [AC_MSG_ERROR([*** Dynamic linking loader library not found])]) @@ -753,7 +759,7 @@ AC_MSG_RESULT([ Split /usr: ${enable_split_usr} man pages: ${have_manpages} - CFLAGS: ${CFLAGS} - CPPLAGS: ${CPPFLAGS} - LDFLAGS: ${LDFLAGS} + CFLAGS: ${OUR_CFLAGS} ${CFLAGS} + CPPLAGS: ${OUR_CPPFLAGS} ${CPPFLAGS} + LDFLAGS: ${OUR_LDFLAGS} ${LDFLAGS} ]) |